A bug related to Google Home smart speakers and Chromecast bots makes it easy for hackers to know where you are, researchers have found.
This allows Google to offer a very precise geographic positioning in its applications even when the positioning service of a device is disabled.
However, this feature can be exploited by hackers to determine the position of a Google Home or Chromecast device. To do this, the attacker must lure his victim to a malicious site and ensure that he remains there for at least one minute (by presenting a video, for example).
During this time, the hacker can send a request to the targeted device asking him to locate himself. Google Home and Chromecast devices do not require authentication for such a request if it is from the same Wi-Fi network they are connected to.
If the attack works, the hacker gets the location of his victim on a Google Maps. The position would be accurate to a few meters, especially in densely populated areas, reports author and computer security specialist Brian Krebs on his blog .
Google told Krebs that it was going to fix this fault in mid-July. The company, however, initially ignored the report by researcher Craig Young, who discovered the problem last May. Only when Brian Krebs contacted Google by warning him that he intended to write on the subject that the company has changed his tune.
As our second lead editor, Brit Martinez provides guidance on the stories The Marketing Folks’ reporters cover. She has been instrumental in making sure the content on the site is clear and relevant to the readers. Brit received a BA and and MA from University of Alaska Anchorage.